【漏洞详情】
微软于本周二发布2019年09月安全补丁,共修复安全漏洞81个,本次漏洞及补丁覆盖Adobe Flash Player、Microsoft Office SharePoint、Microsoft Windows、Windows RDP等产品,其中严重漏洞17个,攻击者可利用此类漏洞进行远程代码执行、内存破坏等攻击,修复的漏洞详细列表如下,请用户综合评估业务影响,并选择安排补丁升级。
|
序号 |
产品 |
CVE 编号 |
CVE 标题 |
严重程度 |
|
1 |
Adobe Flash Player |
ADV190022 |
September 2019 Adobe Flash 安全更新 |
Critical |
|
2 |
Microsoft Office SharePoint |
CVE-2019-1257 |
Microsoft SharePoint 远程代码执行漏洞 |
Critical |
|
3 |
Microsoft Office SharePoint |
CVE-2019-1295 |
Microsoft SharePoint 远程代码执行漏洞 |
Critical |
|
4 |
Microsoft Office SharePoint |
CVE-2019-1296 |
Microsoft SharePoint 远程代码执行漏洞 |
Critical |
|
5 |
Microsoft Scripting Engine |
CVE-2019-1208 |
VBScript 远程代码执行漏洞 |
Critical |
|
6 |
Microsoft Scripting Engine |
CVE-2019-1217 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
|
7 |
Microsoft Scripting Engine |
CVE-2019-1221 |
Scripting Engine 内存破坏漏洞 |
Critical |
|
8 |
Microsoft Scripting Engine |
CVE-2019-1236 |
VBScript 远程代码执行漏洞 |
Critical |
|
9 |
Microsoft Scripting Engine |
CVE-2019-1237 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
|
10 |
Microsoft Scripting Engine |
CVE-2019-1300 |
Chakra Scripting Engine 内存破坏漏洞 |
Critical |
|
11 |
Microsoft Windows |
CVE-2019-1280 |
LNK 远程代码执行漏洞 |
Critical |
|
12 |
Servicing Stack Updates |
ADV990001 |
Latest Servicing Stack Updates |
Critical |
|
13 |
Team Foundation Server |
CVE-2019-1306 |
Azure DevOps and Team Foundation Server 远程代码执行漏洞 |
Critical |
|
14 |
Windows RDP |
CVE-2019-0787 |
Remote Desktop Client 远程代码执行漏洞 |
Critical |
|
15 |
Windows RDP |
CVE-2019-0788 |
Remote Desktop Client 远程代码执行漏洞 |
Critical |
|
16 |
Windows RDP |
CVE-2019-1290 |
Remote Desktop Client 远程代码执行漏洞 |
Critical |
|
17 |
Windows RDP |
CVE-2019-1291 |
Remote Desktop Client 远程代码执行漏洞 |
Critical |
|
18 |
.NET Core |
CVE-2019-1301 |
.NET Core 拒绝服务漏洞 |
Important |
|
19 |
.NET Framework |
CVE-2019-1142 |
.NET Framework 特权提升漏洞 |
Important |
|
20 |
Active Directory |
CVE-2019-1273 |
Active Directory Federation Services XSS Vulnerability |
Important |
|
21 |
ASP.NET |
CVE-2019-1302 |
ASP.NET Core Elevation Of Privilege Vulnerability |
Important |
|
22 |
Common Log File System Driver |
CVE-2019-1214 |
Windows Common Log File System Driver 特权提升漏洞 |
Important |
|
23 |
Common Log File System Driver |
CVE-2019-1282 |
Windows Common Log File System Driver 信息泄露漏洞 |
Important |
|
24 |
Microsoft Browsers |
CVE-2019-1220 |
Microsoft Browser 安全功能绕过漏洞 |
Important |
|
25 |
Microsoft Edge |
CVE-2019-1299 |
Microsoft Edge based on Edge HTML 信息泄露漏洞 |
Important |
|
26 |
Microsoft Exchange Server |
CVE-2019-1233 |
Microsoft Exchange 拒绝服务漏洞 |
Important |
|
27 |
Microsoft Exchange Server |
CVE-2019-1266 |
Microsoft Exchange 欺骗漏洞 |
Important |
|
28 |
Microsoft Graphics Component |
CVE-2019-1216 |
DirectX 信息泄露漏洞 |
Important |
|
29 |
Microsoft Graphics Component |
CVE-2019-1244 |
DirectWrite 信息泄露漏洞 |
Important |
|
30 |
Microsoft Graphics Component |
CVE-2019-1245 |
DirectWrite 信息泄露漏洞 |
Important |
|
31 |
Microsoft Graphics Component |
CVE-2019-1251 |
DirectWrite 信息泄露漏洞 |
Important |
|
32 |
Microsoft Graphics Component |
CVE-2019-1252 |
Windows GDI 信息泄露漏洞 |
Important |
|
33 |
Microsoft Graphics Component |
CVE-2019-1283 |
Microsoft Graphics Components 信息泄露漏洞 |
Important |
|
34 |
Microsoft Graphics Component |
CVE-2019-1284 |
DirectX 特权提升漏洞 |
Important |
|
35 |
Microsoft Graphics Component |
CVE-2019-1286 |
Windows GDI 信息泄露漏洞 |
Important |
|
36 |
Microsoft JET Database Engine |
CVE-2019-1240 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
37 |
Microsoft JET Database Engine |
CVE-2019-1241 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
38 |
Microsoft JET Database Engine |
CVE-2019-1242 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
39 |
Microsoft JET Database Engine |
CVE-2019-1243 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
40 |
Microsoft JET Database Engine |
CVE-2019-1246 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
41 |
Microsoft JET Database Engine |
CVE-2019-1247 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
42 |
Microsoft JET Database Engine |
CVE-2019-1248 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
43 |
Microsoft JET Database Engine |
CVE-2019-1249 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
44 |
Microsoft JET Database Engine |
CVE-2019-1250 |
Jet Database Engine 远程代码执行漏洞 |
Important |
|
45 |
Microsoft Office |
CVE-2019-1297 |
Microsoft Excel 远程代码执行漏洞 |
Important |
|
46 |
Microsoft Office |
CVE-2019-1263 |
Microsoft Excel 信息泄露漏洞 |
Important |
|
47 |
Microsoft Office |
CVE-2019-1264 |
Microsoft Office 安全功能绕过漏洞 |
Important |
|
48 |
Microsoft Office SharePoint |
CVE-2019-1260 |
Microsoft SharePoint 特权提升漏洞 |
Important |
|
49 |
Microsoft Office SharePoint |
CVE-2019-1261 |
Microsoft SharePoint 欺骗漏洞 |
Important |
|
50 |
Microsoft Office SharePoint |
CVE-2019-1262 |
Microsoft Office SharePoint XSS Vulnerability |
Important |
|
51 |
Microsoft Windows |
CVE-2019-1215 |
Windows 特权提升漏洞 |
Important |
|
52 |
Microsoft Windows |
CVE-2019-1219 |
Windows Transaction Manager 信息泄露漏洞 |
Important |
|
53 |
Microsoft Windows |
CVE-2019-1267 |
Microsoft Compatibility Appraiser 特权提升漏洞 |
Important |
|
54 |
Microsoft Windows |
CVE-2019-1268 |
Winlogon 特权提升漏洞 |
Important |
|
55 |
Microsoft Windows |
CVE-2019-1269 |
Windows ALPC 特权提升漏洞 |
Important |
|
56 |
Microsoft Windows |
CVE-2019-1270 |
Microsoft Windows Store Installer 特权提升漏洞 |
Important |
|
57 |
Microsoft Windows |
CVE-2019-1271 |
Windows Media 特权提升漏洞 |
Important |
|
58 |
Microsoft Windows |
CVE-2019-1272 |
Windows ALPC 特权提升漏洞 |
Important |
|
59 |
Microsoft Windows |
CVE-2019-1235 |
Windows Text Service Framework 特权提升漏洞 |
Important |
|
60 |
Microsoft Windows |
CVE-2019-1253 |
Windows 特权提升漏洞 |
Important |
|
61 |
Microsoft Windows |
CVE-2019-1277 |
Windows Audio Service 特权提升漏洞 |
Important |
|
62 |
Microsoft Windows |
CVE-2019-1278 |
Windows 特权提升漏洞 |
Important |
|
63 |
Microsoft Windows |
CVE-2019-1287 |
Windows Network Connectivity Assistant 特权提升漏洞 |
Important |
|
64 |
Microsoft Windows |
CVE-2019-1289 |
Windows Update Delivery Optimization 特权提升漏洞 |
Important |
|
65 |
Microsoft Windows |
CVE-2019-1292 |
Windows 拒绝服务漏洞 |
Important |
|
66 |
Microsoft Windows |
CVE-2019-1294 |
Windows Secure Boot 安全功能绕过漏洞 |
Important |
|
67 |
Microsoft Windows |
CVE-2019-1303 |
Windows 特权提升漏洞 |
Important |
|
68 |
Microsoft Yammer |
CVE-2019-1265 |
Microsoft Yammer 安全功能绕过漏洞 |
Important |
|
69 |
Project Rome |
CVE-2019-1231 |
Rome SDK 信息泄露漏洞 |
Important |
|
70 |
Skype for Business and Microsoft Lync |
CVE-2019-1209 |
Lync 2013 信息泄露漏洞 |
Important |
|
71 |
Team Foundation Server |
CVE-2019-1305 |
Team Foundation Server Cross-site Scripting Vulnerability |
Important |
|
72 |
Visual Studio |
CVE-2019-1232 |
Diagnostics Hub Standard Collector Service 特权提升漏洞 |
Important |
|
73 |
Windows Hyper-V |
CVE-2019-0928 |
Windows Hyper-V 拒绝服务漏洞 |
Important |
|
74 |
Windows Hyper-V |
CVE-2019-1254 |
Windows Hyper-V 信息泄露漏洞 |
Important |
|
75 |
Windows Kernel |
CVE-2019-1274 |
Windows Kernel 信息泄露漏洞 |
Important |
|
76 |
Windows Kernel |
CVE-2019-1256 |
Win32k 特权提升漏洞 |
Important |
|
77 |
Windows Kernel |
CVE-2019-1285 |
Win32k 特权提升漏洞 |
Important |
|
78 |
Windows Kernel |
CVE-2019-1293 |
Windows SMB Client Driver 信息泄露漏洞 |
Important |
|
79 |
Microsoft Office SharePoint |
CVE-2019-1259 |
Microsoft SharePoint 欺骗漏洞 |
Moderate |
|
80 |
Microsoft Scripting Engine |
CVE-2019-1138 |
Chakra Scripting Engine 内存破坏漏洞 |
Moderate |
|
81 |
Microsoft Scripting Engine |
CVE-2019-1298 |
Chakra Scripting Engine 内存破坏漏洞 |
Moderate |
【风险评级】
高危
【影响范围】
本次补丁修复覆盖如下产品:
l Adobe Flash Player
l Microsoft Office SharePoint
l Microsoft Scripting Engine
l Microsoft Windows
l Servicing Stack Updates
l Team Foundation Server
l Windows RDP
l .NET Core
l .NET Framework
l Active Directory
l ASP.NET
l Common Log File System Driver
l Microsoft Browsers
l Microsoft Edge
l Microsoft Exchange Server
l Microsoft Graphics Component
l Microsoft JET Database Engine
l Microsoft Office
l Microsoft Yammer
l Project Rome
l Skype for Business and Microsoft Lync
l Visual Studio
l Windows Hyper-V
l Windows Kernel
【修复建议】
建议用户关注并依据实际业务评估漏洞风险影响,选择更新相关产品补丁,以提高系统安全性;
修复方法:打开 Windows Update 更新功能,点击“检查更新”按钮,依据业务需求下载安装相关安全补丁,安装完毕后重启系统,并检查系统运行情况。
【参考链接】
https://portal.msrc.microsoft.com/en-us/security-guidance
特别提醒:修复漏洞前请进行充分测试,并务必做好数据备份和快照,防止出现意外。
平安金融云
2019年9月11日
